Hello, I am trying to connect a W7 machine through my Server 2008R2 WAP but then get the message: The server 'www.domain.com' presented a valid certificate issued by 'COMODO Certification Authority' but 'COMODO Certification Authority' is not configured as a valid trust anchor for this profile. If i choose to continue then I can connect but obviously carry a security risk. I installed a free SSL Cert from Comodo, I have checked that the 'AddTrust External CA Root' cert is already loaded in the 'Trusted Root Certificates' folder under the computer acount in certifricates console. Can someone please advise where I might be going wrong? I believe NPS is setup correctly, def a cert configuration issue, thanks in advance Oliver

Hi Oliver, Thanks for posting here. I’d suggest to first take look the explanations in the article below and modify system with following the workaround in the “Resolution” session: Windows Security Alert appears when connecting to a wireless network on a workgroup machine http://support.microsoft.com/kb/2518158 For more information if want to use a third party certificate to work with NPS please refer to the links below: Certificates and NPS http://technet.microsoft.com/en-us/library/cc772401(WS.10).aspx http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/2065da39-289a-4ba1-bfd9-e0a556363a3d/#ce825879-00a6-4d7c-9e3a-1e070983b165 Thanks. Tiger LiTiger Li TechNet Community Support

Hi Oliver, Thanks for posting here. I’d suggest to first take look the explanations in the article below and modify system with following the workaround in the “Resolution” session: Windows Security Alert appears when connecting to a wireless network on a workgroup machine http://support.microsoft.com/kb/2518158 For more information if want to use a third party certificate to work with NPS please refer to the links below: Certificates and NPS http://technet.microsoft.com/en-us/library/cc772401(WS.10).aspx http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/2065da39-289a-4ba1-bfd9-e0a556363a3d/#ce825879-00a6-4d7c-9e3a-1e070983b165 Thanks. Tiger LiTiger Li TechNet Community Support

Hi Tiger, Thank you very much for your feedback, the links below look very useful and am sure others will benefit too

Hi Tiger, Ok I decided to quit using the comodo cert in case the purposes in EKU extensions that correlate to the certificate use was configured incorrectly. I have installed Active Directory Certificate Services follwoing a tech guide on the net. I have setup a group policy under the 'default domain policy' which automatically downloads the trusted root CA to the client machine. Still cant connect and now get an error: Reason Code: 23 Reason: An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors. I fear that reading more articles is not going to help, what i ned to do is be able to view the EAP log files and try to find the root cause for the authentication failure but I cannot locate them, can you please point me in the right direction? Thanks